FBI issues flash alert on Conti ransomware attacks targeting healthcare providers
The U.S. Federal Bureau of Investigation has issued a flash alert warning that Conti ransomware attacks are continuing to impact healthcare providers and others.
The alert, issued on May 20, claims that there have now been 16 Conti ransomware attacks targeting healthcare and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities in the last year. The cases are among more than 400 organizations worldwide targeted by Conti, including 290 located in the U.S.
“Like most ransomware variants, Conti typically steals victim’s files and encrypts the servers and workstations in an effort to force a ransom payment from the victim,” the FBI said. “If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors.”
The FBI notes that recent ransomware demands have been as high as $25 million.
One recent Conti ransomware attack targeted Ireland’s health service, with some stolen patient data shared online. Previous Conti victims include industrial computer manufacturer Advantech Co. Ltd. in November, VOIP hardware and software maker Sangoma Technologies Corp. in December and hospitals in Florida and Texas in February.
“Ransomware groups, like the Conti actors, are going to keep popping up and continue to gain sophistication with every organization that pays,” Joseph Neumann, cyber executive advisor at cybersecurity advisory services Coalfire Systems Inc., told SiliconANGLE. “Hitting first responders and hospitals are good targets due to the pressing need to get back into service after an attack.”
Even if these organizations have a solid plan to get back to normal, it might be slower than paying the ransom, Neumann added. “As seen from the Colonial pipeline incident, that is still affecting gas prices and demand, restoration of service is slow even when the ransom is paid,” he said.
Bob Rudis, chief data scientist at cybersecurity and compliance solutions provider Rapid7 Inc., noted that this alert isn’t particularly shocking, since healthcare providers have long been a very common target for ransomware attackers.
“Healthcare organizations offer a perfect storm of circumstance that makes them very juicy targets,” Rudis said. “They notoriously struggle to patch systems that are being used around the clock and struggle to justify investment in cybersecurity over investment more directly linked to providing care, while the chaos and time-sensitivity of clinical environments make identity and access management more challenging.”